The invention concerns a device for reading and encrypting sensitive data as set forth in the classifying portion of claim 1 and a corresponding method as set forth in the classifying portion of claim 7.
In many areas of daily life, such as for example when withdrawing money from automatic teller machines, checking in at physicians' practices or when communicating with authorities such as for example the tax office, the customer is required to prove his identity or authorisation. Correct identification of the user is generally a prerequisite for the enablement of further steps such as for example paying out money. A very wide range of different methods and systems for implementing identity or authorisation proof are known from the state of the art.
A system which is particularly frequently employed includes a card reader which reads out the data stored on a magnetic or chip card. Besides that, the user is generally additionally required to input a secret number (PIN) or a password. Other identification systems operate for example with scanners for detecting biometric data such as for example a fingerprint or the structure of the iris of the eye. The detected data are usually transmitted to a remote server where they are further processed and managed. For that purpose the data are firstly sent to a local computer, encrypted there and transmitted over the Internet to the central server. For reasons of data security it is a matter of the greatest importance that the data are transmitted securely and are not accessible at any time to unauthorised third parties.
Admittedly, by means of modern encryption methods such as for example PGP it is possible to make the transmission of data over the Internet sufficiently secure, but it is not possible thereby to prevent the data from being accessed directly on the computer on which they are captured. Thus it is for example possible for the computer connected to the reader to be infected with a program (for example a trojan) and for the user data to be stored by means of that program and forwarded to unauthorised third parties. The consequence of that would be that extremely sensitive identification data would come into the possession of unauthorised parties, who could then fraudulently use any services such as for example outgoing payments, remittances and so forth.
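The two data flows contrasted above can be made concrete in a small model, added here by the editor and not part of the patent text: in the first, the reader hands cleartext to the host and the host encrypts for transit; in the second, the reader itself encrypts before anything reaches the host. The model assumes a key shared between the encrypting endpoint and the remote server, constructed sample card data, and a toy authenticated-encryption scheme built only from the Python standard library so that the example runs offline; a real device would use a standard AEAD.

```python
import hashlib
import hmac
import secrets

# Toy authenticated encryption (illustration only, not a production cipher):
# HMAC-SHA256 keystream in counter mode, then an HMAC tag over nonce and ciphertext.
def _subkey(key: bytes, label: bytes) -> bytes:
    return hmac.new(key, label, hashlib.sha256).digest()

def _keystream(enc_key: bytes, nonce: bytes, n: int) -> bytes:
    blocks = (hmac.new(enc_key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(-(-n // 32)))          # ceil(n / 32) blocks
    return b"".join(blocks)[:n]

def encrypt(key: bytes, plaintext: bytes) -> bytes:
    enc_key, mac_key = _subkey(key, b"enc"), _subkey(key, b"mac")
    nonce = secrets.token_bytes(16)                  # fresh per message
    ct = bytes(p ^ s for p, s in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def decrypt(key: bytes, blob: bytes) -> bytes:
    enc_key, mac_key = _subkey(key, b"enc"), _subkey(key, b"mac")
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("authentication failed")    # tampered or corrupted in transit
    return bytes(c ^ s for c, s in zip(ct, _keystream(enc_key, nonce, len(ct))))

# Constructed sample of what a reader hands over (not real card data) and a
# hypothetical key shared between the encrypting endpoint and the server.
CARD_DATA = b"PAN=1234567890123456;PIN=4711"
KEY = secrets.token_bytes(32)

def flow_host_encrypts(card_data: bytes = CARD_DATA, key: bytes = KEY):
    """Flow from the text: reader -> host in clear, host encrypts for the Internet.
    Returns (bytes a host-resident trojan could capture, bytes the server recovers)."""
    host_sees = card_data                            # cleartext is present on the host
    return host_sees, decrypt(key, encrypt(key, card_data))

def flow_reader_encrypts(card_data: bytes = CARD_DATA, key: bytes = KEY):
    """Reader encrypts before the data reach the host; the host only relays ciphertext."""
    blob = encrypt(key, card_data)
    host_sees = blob                                 # host never holds the cleartext
    return host_sees, decrypt(key, blob)
```

Transit security is identical in both flows; only the second removes the cleartext from the host where the trojan runs.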
Therefore the object of the present invention is to further improve the security of identification systems and to prevent intrusion by unauthorised third parties.